Terraform: Terraform 0.12 - AWS elastic beanstalk settings always shown as added/removed even when unchanged
Terraform Version
Terraform v0.12.3
Terraform Configuration Files
See attached
Debug Output
Crash Output
Expected Behavior
Expected Terraform 12 output, notice the tilda next to the changed setting only (A_VAR3).
Terraform will perform the following actions:
# module.eb_env.aws_elastic_beanstalk_environment.eb_env will be updated in-place
~ resource "aws_elastic_beanstalk_environment" "eb_env" {
setting {
name = "A_VAR1"
namespace = "aws:elasticbeanstalk:application:environment"
value = "false"
}
setting {
name = "A_VAR2"
namespace = "aws:elasticbeanstalk:application:environment"
value = "backend"
}
~ setting {
name = "A_VAR3"
namespace = "aws:elasticbeanstalk:application:environment"
~ value "false" -> "true"
}
setting {
name = "A_VAR4"
namespace = "aws:elasticbeanstalk:application:environment"
value = "uat"
}
############### etc ###############
Actual Behavior
Actual Terraform 12 output, notice the settings being removed and re-added, even the ones which values haven't changed.
Terraform will perform the following actions:
# module.eb_env.aws_elastic_beanstalk_environment.eb_env will be updated in-place
~ resource "aws_elastic_beanstalk_environment" "eb_env" {
all_settings = [
{
name = "A_VAR1"
namespace = "aws:elasticbeanstalk:application:environment"
resource = ""
value = "false"
},
{
name = "A_VAR2"
namespace = "aws:elasticbeanstalk:application:environment"
resource = ""
value = "backend"
},
{
name = "A_VAR3"
namespace = "aws:elasticbeanstalk:application:environment"
resource = ""
value = "false"
},
{
name = "A_VAR4"
namespace = "aws:elasticbeanstalk:application:environment"
resource = ""
value = "uat"
},
############### etc ###############
- setting {
- name = "A_VAR1" -> null
- namespace = "aws:elasticbeanstalk:application:environment" -> null
- value = "false" -> null
}
+ setting {
+ name = "A_VAR1"
+ namespace = "aws:elasticbeanstalk:application:environment"
+ value = "false"
}
- setting {
- name = "A_VAR2" -> null
- namespace = "aws:elasticbeanstalk:application:environment" -> null
- value = "backend" -> null
}
+ setting {
+ name = "A_VAR2"
+ namespace = "aws:elasticbeanstalk:application:environment"
+ value = "backend"
}
- setting {
- name = "A_VAR3" -> null
- namespace = "aws:elasticbeanstalk:application:environment" -> null
- value = "false" -> null
}
+ setting {
+ name = "A_VAR3"
+ namespace = "aws:elasticbeanstalk:application:environment"
+ value = "true"
}
- setting {
- name = "A_VAR4" -> null
- namespace = "aws:elasticbeanstalk:application:environment" -> null
- value = "uat" -> null
}
+ setting {
+ name = "A_VAR4"
+ namespace = "aws:elasticbeanstalk:application:environment"
+ value = "uat"
}
############### etc ###############
Actual Terraform 11 output, notice the settings aren't removed and re-added, unless the value has actually changed
Terraform will perform the following actions:
~ module.eb_env.aws_elastic_beanstalk_environment.eb_env
############### etc ###############
setting.1139450884.name: "A_VAR1" => "A_VAR1"
setting.1139450884.namespace: "aws:elasticbeanstalk:application:environment" => "aws:elasticbeanstalk:application:environment"
setting.1139450884.resource: "" => ""
setting.1139450884.value: "false" => "false"
setting.1225551841.name: "A_VAR2" => "A_VAR2"
setting.1225551841.namespace: "aws:elasticbeanstalk:application:environment" => "aws:elasticbeanstalk:application:environment"
setting.1225551841.resource: "" => ""
setting.1225551841.value: "backend" => "backend"
setting.1608703503.name: "A_VAR3" => ""
setting.1608703503.namespace: "aws:elasticbeanstalk:application:environment" => ""
setting.1608703503.value: "false" => ""
setting.226902369.name: "" => "A_VAR3"
setting.226902369.namespace: "" => "aws:elasticbeanstalk:application:environment"
setting.226902369.value: "" => "true"
setting.3000736565.name: "A_VAR4" => "A_VAR4"
setting.3000736565.namespace: "aws:elasticbeanstalk:application:environment" => "aws:elasticbeanstalk:application:environment"
setting.3000736565.resource: "" => ""
setting.3000736565.value: "uat" => "uat"
############### etc ###############
Steps to Reproduce
Additional Context
My issue is with settings being removed/nulled and re-added, regardless of whether or not they have changed, leading to huge output in Terraform 12. I suspect this isn't just an issue with the AWS Elastic Beanstalk resource, but this is my only experience of the issue.
In Terraform 12, the output first shows the current values of all the settings, even ones which aren't customised in the aws_elastic_beanstalk_environment resource and then outputs another list, which appears to show the settings which are customised, being removed and re-added, regardless of whether or not their value has changed! The first issue is this soon fills up the screen buffer!
The bigger issue is that the only way of being able to determine which setting(s) have changed is to manually compare the value being added with the value being removed, one by one. This is very time consuming and error prone when you have over 90 settings to go through!!
In Terraform 11, the output doesn't first show the current values of all the settings. This alone, reduces the output significantly.
More importantly, it also doesn't show the settings being removed and re-added, unless the value has actually changed. It was therefore HUGELY easier to determine what had changed from looking out for those with values getting nulled and then getting changed from null to the new value, which gave you something to look out for relatively easily! I could even use:
terraform plan | awk -F""" '$4 != $2 { print $0 }'
to just show the setting(s) which have changed, which worked very nicely i.e. below shows A_VAR3 being the changed value, from false to true.
setting.1608703503.name: "A_VAR3" => ""
setting.1608703503.namespace: "aws:elasticbeanstalk:application:environment" => ""
setting.1608703503.value: "false" => ""
setting.226902369.name: "" => "A_VAR3"
setting.226902369.namespace: "" => "aws:elasticbeanstalk:application:environment"
setting.226902369.value: "" => "true"
References
autodeck
All 10 comments
I'm having the same issue.
gposton
on 28 Oct 2019
I too am having this issue.
$ tf version
Terraform v0.12.9
+ provider.aws v2.31.0
jpf
on 29 Oct 2019
I resolved this by adding a resource argument to each option setting, set to null
i.e.
setting {
name = "A_VAR1"
namespace = "aws:elasticbeanstalk:application:environment"
value = "false"
}
becomes
setting { name = "A_VAR1" namespace = "aws:elasticbeanstalk:application:environment" value = "false" resource = "" }
The documentation says that this argument is optional:
https://www.terraform.io/docs/providers/aws/r/elastic_beanstalk_environment.html
I would disagree and say that the documentation should be updated,
autodeck
on 1 Nov 2019
I resolved this by adding a
resourceargument to each option setting, set to null
i.e.setting { name = "A_VAR1" namespace = "aws:elasticbeanstalk:application:environment" value = "false" }becomes
setting { name = "A_VAR1" namespace = "aws:elasticbeanstalk:application:environment" value = "false" resource = "" }The documentation says that this argument is optional:
https://www.terraform.io/docs/providers/aws/r/elastic_beanstalk_environment.htmlI would disagree and say that the documentation should be updated,
Thanks! this solve the issue for me as well.
I tried to use beanstalk templates but had other issues with that. your finding really helped.
Thanks!
jerasioren
on 25 Dec 2019
@jerasioren thank you! worked like a charm... so much simpler to audit the plan output!
gposton
on 6 Jan 2020
Thank you @autodeck! This is a big help!
jpdoria
on 18 Feb 2020
for me, it's still showing some changes every time after adding resource = ""
setting {
name = "IamInstanceProfile"
namespace = "aws:autoscaling:launchconfiguration"
value = "iam-nstance-profile"
}
+ setting {
+ name = "InstancePort"
+ namespace = "aws:elb:listener"
+ value = "80"
}
+ setting {
+ name = "InstancePort"
+ namespace = "aws:elb:listener:443"
+ value = "80"
}
setting {
name = "InstanceType"
namespace = "aws:autoscaling:launchconfiguration"
value = "t2.medium"
}
+ setting {
+ name = "SSLCertificateArns"
+ namespace = "aws:elb:listener:443"
+ value = "arn:aws:acm:us-west-1:234980249032344342:certificate/0dfewrs53fd8d-9877-44e2-9bfd-8dd6946ccac4"
}
setting {
name = "SSLCertificateArns"
namespace = "aws:elbv2:listener:443"
value = "arn:aws:acm:us-west-1:234980249032344342:certificate/0dfewrs53fd8d-9877-44e2-9bfd-8dd6946ccac4"
}
- setting {
- name = "Subnets" -> null
- namespace = "aws:ec2:vpc" -> null
- value = "subnet-062aaadsfasdfs3a6e2,subnet-0b5aa5sdfadsfsd3948" -> null
}
+ setting {
+ name = "Subnets"
+ namespace = "aws:ec2:vpc"
+ value = "subnet-062aaadsfasdfs3a6e2,subnet-0b5aa5sdfadsfsd3948"
}
+ setting {
+ name = "ConfigDocument"
+ namespace = "aws:elasticbeanstalk:healthreporting:system"
+ value = jsonencode(
{
+ Rules = {
+ Environment = {
+ Application = {
+ ApplicationRequests4xx = {
+ Enabled = false
}
}
}
}
+ Version = 1
}
)
}
- setting {
- name = "ConfigDocument" -> null
- namespace = "aws:elasticbeanstalk:healthreporting:system" -> null
- value = jsonencode(
{
- Rules = {
- Environment = {
- Application = {
- ApplicationRequests4xx = {
- Enabled = false
}
}
}
}
- Version = 1
}
) -> null
}
ashishmohite
on 5 Mar 2020
The issue is still present for me too. In my scenario i'm trying to import existing Environment and even after adding resource ="" the settings are added in terraform plan
shruk95
on 2 Sep 2020
This is still occurring for me, but I see that it relates to the ordering of CSV value entries...
$> terraform version
Terraform v0.12.29
For example - same groups, different order - registers as a diff every time I tf apply
- setting {
- name = "SecurityGroups" -> null
- namespace = "aws:autoscaling:launchconfiguration" -> null
- value = "sg-0acd826bd4d604b31,sg-0bd83fc1960b614a1,sg-0be589df4f5bbd087" -> null
}
+ setting {
+ name = "SecurityGroups"
+ namespace = "aws:autoscaling:launchconfiguration"
+ value = "sg-0be589df4f5bbd087,sg-0bd83fc1960b614a1,sg-0acd826bd4d604b31"
}
same with subnets - always register as a diff when tf apply due to ordering of the lists:
- setting {
- name = "ELBSubnets" -> null
- namespace = "aws:ec2:vpc" -> null
- value = "subnet-02e8dc3b2caad5484,subnet-0631bb81e00bb25aa,subnet-0a1802ccd40339993" -> null
}
+ setting {
+ name = "ELBSubnets"
+ namespace = "aws:ec2:vpc"
+ value = "subnet-0a1802ccd40339993,subnet-02e8dc3b2caad5484,subnet-0631bb81e00bb25aa"
}
And my instance role profile also always registers as a diff, from null -> my existing instance role profile
+ setting {
+ name = "IamInstanceProfile"
+ namespace = "aws:autoscaling:launchconfiguration"
+ value = "arn:aws:iam::564576066196:instance-profile/nbcvcms-dev-ebs-ec2-instance-profile"
}
- setting {
- name = "IamInstanceProfile" -> null
- namespace = "aws:autoscaling:launchconfiguration" -> null
- value = "nbcvcms-dev-ebs-ec2-instance-profile" -> null
}
scottb-isp
on 9 Jan 2021
Having the same issue... Adding resource = "" works for some of them but not all...
GeertWille
on 13 Jan 2021
Related issues
jrnt30
路
3Comments
rjinski
路
3Comments
rkulagowski
路
3Comments
c4milo
路
3Comments
sprokopiak
路
3Comments
Most helpful comment
I resolved this by adding a
resourceargument to each option setting, set to nulli.e.
becomes
The documentation says that this argument is optional:
https://www.terraform.io/docs/providers/aws/r/elastic_beanstalk_environment.html
I would disagree and say that the documentation should be updated,